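RHCE · Part 3
The lab requirements are as follows
As the user xiaoming on the client, log in over ssh on port 2000, using key-based authentication, to the users xiaoming and xiaohei on the server. No other user on the server may be logged in to remotely.
Preparation
- Prepare two virtual machines, one as the Client and one as the Server
Server side
Install openssh-server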
[root@localhost ~]# yum install openssh-server -y
Edit the server's ssh configuration file
[root@localhost ~]# vim /etc/ssh/sshd_config
Add port 2000
Add the whitelisted users xiaoming and xiaohei
Create the users on the server
Disable the firewall and SELinux on the server, then restart the sshd service
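An added example, not part of the original post: a small shell check that an sshd_config carries the two settings from the steps above, Port 2000 and an AllowUsers list of exactly xiaoming and xiaohei. The function names and the two sample files are constructed for illustration, and only the global section of the file is read.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings this lab requires.
# Assumptions: only the global section (before any Match block) is read,
# and keywords are separated from values by whitespace (no "Key=value" form).

# Print every value given for KEYWORD, one per line, sorted and de-duplicated.
# sshd keywords are case-insensitive; repeated Port/AllowUsers lines accumulate.
sshd_values() {  # usage: sshd_values KEYWORD FILE
    awk -v key="$1" '
        { sub(/#.*/, "") }                    # drop comments
        tolower($1) == "match" { exit }       # global section only
        tolower($1) == tolower(key) { for (i = 2; i <= NF; i++) print $i }
    ' "$2" | sort -u
}

# Return 0 only if sshd listens on 2000 and AllowUsers is exactly the two lab users.
check_lab_config() {  # usage: check_lab_config FILE
    ports=$(sshd_values Port "$1" | tr '\n' ' ')
    users=$(sshd_values AllowUsers "$1" | tr '\n' ' ')
    [ -n "$ports" ] || ports="22 "            # sshd default without a Port line
    echo "$1: ports=[${ports% }] AllowUsers=[${users% }]"
    case " $ports" in *" 2000 "*) ;; *) return 1 ;; esac
    [ "$users" = "xiaohei xiaoming " ]
}

# Constructed sample files (not taken from the lab machines).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
GOOD="$tmp/good.conf"; BAD="$tmp/bad.conf"
cat > "$GOOD" <<'EOF'
#Port 22
Port 2000
allowusers xiaoming
AllowUsers xiaohei   # second line adds to the list
EOF
cat > "$BAD" <<'EOF'
Port 2000
#AllowUsers xiaoming xiaohei
EOF

for f in "$GOOD" "$BAD"; do
    if check_lab_config "$f"; then echo "  -> meets the lab requirement"
    else echo "  -> does NOT meet the lab requirement"; fi
done
```

On the server itself, running `sshd -T` as root prints the effective configuration, including the `port` and `allowusers` lines, which confirms what the daemon will use after the restart.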
Client side
Switch to xiaoming and generate a key pair
[root@localhost ~]# su - xiaoming
上一次登录:四 9月 30 19:24:20 CST 2021pts/1 上
[xiaoming@localhost ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/xiaoming/.ssh/id_rsa):
Created directory '/home/xiaoming/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/xiaoming/.ssh/id_rsa.
Your public key has been saved in /home/xiaoming/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Egd04lj2kQKqA/mgGUAypp6CvcMOTg0UqOe++83LBy8 xiaoming@localhost.localdomain
The key's randomart image is:
+---[RSA 3072]----+
|*+ .o* o. |
|*o.. =.=.. |
|B.. . o.o |
|BBo o |
|B*o . S |
|.o+. .. |
|.o+. o |
|oo.. +E o |
| .++. =+ |
+----[SHA256]-----+
Copy the public key generated on the client to the .ssh/authorized_keys file in the home directories of the users xiaoming and xiaohei on the server
[xiaoming@localhost ~]$ ssh-copy-id xiaoming@192.168.30.130 -p 2000
[xiaoming@localhost ~]$ ssh-copy-id xiaohei@192.168.30.130 -p 2000
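On the server, check that the public key file was transferred successfully
Test 1
With xiaoming as the client user, log in over ssh to the server's xiaoming and xiaohei users on port 2000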
[root@localhost ~]# ssh xiaoming@192.168.30.130 -p 2000
[root@localhost ~]# ssh xiaohei@192.168.30.130 -p 2000
Test 2
Create a user xiaohong and use it to connect remotely to xiaoming or xiaohei
[root@localhost ~]# useradd xiaohong
[root@localhost ~]# echo redhat | passwd --stdin xiaohong
更改用户 xiaohong 的密码 。
passwd:所有的身份验证令牌已经成功更新。
[root@localhost ~]# ssh xiaohong@192.168.30.130 -p 2000
xiaohong@192.168.30.130's password:
Permission denied, please try again.
xiaohong@192.168.30.130's password:
Permission denied, please try again.
xiaohong@192.168.30.130's password:
xiaohong@192.168.30.130: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).